STIGQter: STIG Summary: HP FlexFabric Switch L2S Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The HP FlexFabric Switch must have all trunk links enabled statically.

DISA Rule

SV-80571r1_rule

Vulnerability Number

V-66081

Group Title

SRG-NET-000512-L2S-000005

Rule Version

HFFS-L2-000022

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the HP FlexFabric Switch to enable trunk links statically.

[HP-GigabitEthernet1/0/1]port link-type trunk

Check Contents

Review the HP FlexFabric Switch configuration to verify that trunk negotiation is disabled by statically configuring all trunk links. Configuring a command to manually disable negotiation may also be required for some switch platforms.

If trunk negotiation is enabled on any interface, this is a finding.

Sample output:
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan X

Vulnerability Number

V-66081

Documentable

False

Rule Version

HFFS-L2-000022

Severity Override Guidance

Review the HP FlexFabric Switch configuration to verify that trunk negotiation is disabled by statically configuring all trunk links. Configuring a command to manually disable negotiation may also be required for some switch platforms.

If trunk negotiation is enabled on any interface, this is a finding.

Sample output:
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan X

Check Content Reference

M

Target Key

2977

Comments